Close Menu

    Subscribe to Updates

    Get the latest tech news from Tallwire.

      What's Hot

      NASA’s Bold Bid to Save Aging Swift Telescope Could Pioneer a New Era of Orbital Servicing

      July 7, 2026

      SAP Tightens Spending as Artificial Intelligence Strategy Reshapes Workforce Priorities

      July 7, 2026

      ord Rehires Veteran Engineers After AI Falls Short on Vehicle Quality

      July 6, 2026
      Facebook X (Twitter) Instagram
      • Tech
      • AI
      • Get In Touch
      Facebook X (Twitter) LinkedIn
      TallwireTallwire
      • Tech

        NASA’s Bold Bid to Save Aging Swift Telescope Could Pioneer a New Era of Orbital Servicing

        July 7, 2026

        ord Rehires Veteran Engineers After AI Falls Short on Vehicle Quality

        July 6, 2026

        San Francisco Tech Workers Struggle as AI Boom Inflates Costs

        July 6, 2026

        Researchers Find Americans Can Be Trained to Fight the Deepfake Fraud Explosion

        July 5, 2026

        Apple Seeks Approval to Buy Blacklisted Chinese Memory Chips Amid AI Supply Crunch

        July 5, 2026
      • AI

        SAP Tightens Spending as Artificial Intelligence Strategy Reshapes Workforce Priorities

        July 7, 2026

        California Expands State Government Use of Anthropic AI Through New Partnership

        July 6, 2026

        ord Rehires Veteran Engineers After AI Falls Short on Vehicle Quality

        July 6, 2026

        California Gas Price Lawsuit Puts California’s New Antitrust Law to the Test

        July 6, 2026

        AI Revolutionizes Political Campaigns Ahead of Midterms

        July 6, 2026
      • Security

        FCC Moves to Close Chinese Technology Loophole in Sweeping National Security Crackdown

        July 5, 2026

        Apple’s China Memory Gamble Highlights Growing AI Chip Crunch and Consumer Inflation

        July 2, 2026

        Cheap Chinese AI Models Gain Ground in America, Raising Strategic Concerns

        July 1, 2026

        Anthropic Alleges Massive AI Theft Campaign Linked to Alibaba

        June 30, 2026

        Chinese AI Surge Exposes U.S. Vulnerabilities in Tech Race

        June 29, 2026
      • Health

        House Approves Children’s Online Safety Bill, Setting Up Senate Showdown

        July 5, 2026

        AI Chatbots Fuel Dangerous Delusions in Vulnerable Users

        July 3, 2026

        Groundbreaking Robotic Mastectomy Offers New Hope For Breast Cancer Patients

        July 3, 2026

        Tabletop Fusion Reactor Raises Millions to Advance Next-Generation Cancer Treatments

        July 2, 2026

        German Merck Acquires Us Biotech Firm In Major Life Sciences Deal

        July 2, 2026
      • Science

        NASA’s Bold Bid to Save Aging Swift Telescope Could Pioneer a New Era of Orbital Servicing

        July 7, 2026

        Groundbreaking Robotic Mastectomy Offers New Hope For Breast Cancer Patients

        July 3, 2026

        Tabletop Fusion Reactor Raises Millions to Advance Next-Generation Cancer Treatments

        July 2, 2026

        AI Is Rapidly Transforming Scientific Research, Supercharging the Next Generation of PhD Talent

        July 2, 2026

        German Merck Acquires Us Biotech Firm In Major Life Sciences Deal

        July 2, 2026
      • Tech

        San Francisco Tech Workers Struggle as AI Boom Inflates Costs

        July 6, 2026

        Tech Skeptics Miss the Mark on Musk’s Bold AI Orbit Vision

        July 3, 2026

        Bipartisan Coalition Targets AI Workforce Disruption with Massive Retraining Push

        July 2, 2026

        Skilled Trades Gain New Respect As Generation Alpha Pushes Back Against The AI Hype

        July 1, 2026

        Walmart Expands Bay Area Tech Layoffs as AI-Driven Restructuring Continues

        June 30, 2026
      TallwireTallwire
      Home»Cybersecurity»Substack Users’ Contact Data Compromised in Months-Old Security Breach
      Cybersecurity

      Substack Users’ Contact Data Compromised in Months-Old Security Breach

      4 Mins Read
      Facebook Twitter Pinterest LinkedIn Tumblr Email
      Phoenix Attack: New RowHammer Variant Exposes DDR5 Memory to Rapid Breach
      Phoenix Attack: New RowHammer Variant Exposes DDR5 Memory to Rapid Breach
      Share
      Facebook Twitter LinkedIn Pinterest Email

      Substack has confirmed that an unauthorized third party accessed its systems in October 2025, resulting in the exposure of user email addresses, phone numbers, and other internal metadata, though the company says that passwords, credit card details, and other financial data were not accessed; the incident was discovered in early February 2026 and users are being warned to watch for phishing and suspicious communications as the breach may have affected hundreds of thousands of records. Source coverage reports the incident, the company’s notification to users, and details about the data involved.

      Sources

      https://www.theverge.com/tech/874255/substack-data-breach-user-emails-phone-numbers
      https://www.csoonline.com/article/4128287/substack-data-breach-leaks-users-email-addresses-and-phone-numbers.html

      Key Takeaways

      • A data breach at Substack exposed user contact information — specifically email addresses, phone numbers, and unspecified internal metadata — from an intrusion that occurred in October 2025 and was only identified in February 2026.

      • Substack asserts that more sensitive user data — including passwords, credit card numbers, and financial information — were not compromised, though the exact number of accounts affected has not been disclosed.

      • Security analysts warn that exposed contact information could facilitate phishing, SMS scams, and social engineering attacks, and users are being urged to remain vigilant for suspicious communications.

      In-Depth

      In a concerning development for digital privacy and platform trust, Substack has publicly confirmed that it experienced a significant security breach in October 2025 that resulted in the exposure of user email addresses, phone numbers, and other internal metadata from its systems. The incident went undetected for several months and was only identified in early February 2026, prompting the company to notify those potentially affected and warn about the risks that can follow such breaches.

      According to the notification Substack sent to users, an “unauthorized third party” gained access to the platform’s internal systems in October of last year. While Substack maintains that sensitive information including passwords and financial data like credit card numbers remained secure, the breach of email addresses and phone numbers is nonetheless serious. Such information is the backbone of personal digital identity and can be easily weaponized by bad actors to craft targeted phishing emails, SMS scams, and social engineering campaigns that impersonate trusted platforms or individuals. This kind of breach doesn’t just expose account details — it gives attackers the raw material needed to deceive victims into revealing more sensitive information or clicking on malicious links.

      The fact that Substack did not detect the intrusion for nearly four months raises questions about the robustness of its internal monitoring and detection protocols. It’s unclear exactly how many users are affected, with reports suggesting the possibility that hundreds of thousands of accounts — if not more — are involved, given hints on cybercrime forums of a large dataset circulating online. Substack has said it has since patched the vulnerability and is conducting a thorough investigation, but many users have been left vulnerable in the interim.

      Security experts emphasize that when email addresses and phone numbers are exposed, the subsequent risk doesn’t end with the initial breach. Attackers often use such exposed data to launch highly convincing phishing campaigns designed to elicit responses that lead to deeper compromise. For example, fraudsters can send messages that appear to come from Substack or affiliated services, urgently requesting users to “verify” credentials or “update” account settings, thereby tricking recipients into handing over secure information. In some cases, knowledge of a user’s phone number can also aid in SIM-swap attacks, where attackers persuade mobile carriers to transfer control of a phone number to another device, allowing them to intercept authentication messages and potentially bypass multi-factor authentication.

      Users affected by the incident are being urged to exercise heightened vigilance. That includes being cautious of unsolicited emails or texts that reference Substack or related services, avoiding clicking on links in messages that seem suspicious, and manually navigating to official sites to check account status rather than responding to prompts received in unsolicited communications. Additionally, adopting stronger protections such as unique email addresses across services, using authenticator apps instead of SMS for two-factor authentication, and employing password managers to ensure unique, strong passwords can help mitigate the damage from this and future breaches.

      For Substack itself, the breach represents a test of its commitment to user privacy and platform integrity. Trust is central to its business model, which connects newsletter creators with audiences in direct and personalized ways. Users are now looking to the company to be transparent about what went wrong, how many accounts were compromised, and what steps will be taken to prevent similar incidents as data privacy concerns continue to dominate the digital landscape. In the meantime, the broader lesson underscores that even well-funded and widely used platforms are vulnerable to cybersecurity failures, and that users must remain proactive about protecting their own digital information.

      Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
      Previous ArticleMassive Conduent Data Breach Affects Tens Of Millions Of Americans
      Next Article NASA Clears Smartphones for Artemis Moon Mission

      Related Posts

      SAP Tightens Spending as Artificial Intelligence Strategy Reshapes Workforce Priorities

      July 7, 2026

      California Expands State Government Use of Anthropic AI Through New Partnership

      July 6, 2026

      ord Rehires Veteran Engineers After AI Falls Short on Vehicle Quality

      July 6, 2026

      California Gas Price Lawsuit Puts California’s New Antitrust Law to the Test

      July 6, 2026
      Add A Comment
      Leave A Reply Cancel Reply

      Editors Picks

      NASA’s Bold Bid to Save Aging Swift Telescope Could Pioneer a New Era of Orbital Servicing

      July 7, 2026

      ord Rehires Veteran Engineers After AI Falls Short on Vehicle Quality

      July 6, 2026

      San Francisco Tech Workers Struggle as AI Boom Inflates Costs

      July 6, 2026

      Researchers Find Americans Can Be Trained to Fight the Deepfake Fraud Explosion

      July 5, 2026
      Popular Topics
      starlink spotlight Startup Series A Series B Stocks Taiwan Tech SpaceX UAE Tech Satellite Samsung Sundar Pichai Tesla Cybertruck Space Software Satya Nadella Viral trending Tim Cook Tesla
      Major Tech Companies
      • Apple News
      • Google News
      • Meta News
      • Microsoft News
      • Amazon News
      • Samsung News
      • Nvidia News
      • OpenAI News
      • Tesla News
      • AMD News
      • Anthropic News
      • Elbit News
      AI & Emerging Tech
      • AI Regulation News
      • AI Safety News
      • AI Adoption
      • Quantum Computing News
      • Robotics News
      Key People
      • Sam Altman News
      • Jensen Huang News
      • Elon Musk News
      • Mark Zuckerberg News
      • Sundar Pichai News
      • Tim Cook News
      • Satya Nadella News
      • Mustafa Suleyman News
      Global Tech & Policy
      • Israel Tech News
      • India Tech News
      • Taiwan Tech News
      • UAE Tech News
      Startups & Emerging Tech
      • Series A News
      • Series B News
      • Startup News
      Tallwire
      Facebook X (Twitter) LinkedIn Threads Instagram RSS
      • Tech
      • Entertainment
      • Business
      • Government
      • Academia
      • Transportation
      • Legal
      • Press Kit
      © 2026 Tallwire. Optimized by ARMOUR Digital Marketing Agency.

      Type above and press Enter to search. Press Esc to cancel.